WO2016184216A1 - Link-stealing prevention method, link-stealing prevention server, and client side - Google Patents

Publication number
WO2016184216A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification
client
message
string
server
Prior art date
Application number
PCT/CN2016/075229
Inventor
曹立权
胡东旭
Original Assignee
乐视云计算有限公司
Priority to CN201510251430.5 priority Critical
Priority to CN201510251430.5A priority patent/CN105721411A/en
Application filed by 乐视云计算有限公司 filed Critical 乐视云计算有限公司
Publication of WO2016184216A1 publication Critical patent/WO2016184216A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
    • H04L29/02 Communication control; Communication processing
    • H04L29/06 Communication control; Communication processing characterised by a protocol
    • H04L29/12 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 characterised by the data terminal

Abstract

Embodiments of the present invention provide a link-stealing prevention method, a link-stealing prevention server, and a client side. The method comprises: a server sends a verification character string corresponding to a client side to the client side; the client side encrypts the verification character string to generate first verification information and sends it to the server; the server performs an operation on the verification character string and a key corresponding to the client side to generate second verification information; and when the first verification information is different from the second verification information, the server refuses to send multimedia information to the client side. By adopting the technical solution of the embodiments of the present invention, the server authenticates the first verification information by means of the verification character string and the key corresponding to the client side, and determines a client side that fails authentication to be a link-stealing client side. The determination of the link-stealing client side is not limited by an IP address or a reference address, so that the application scope is effectively enlarged and the reliability of link-stealing prevention is effectively improved.

Description

Link-stealing prevention method, link-stealing prevention server, and client

Technical field

Embodiments of the present invention relate to the field of video broadcasting, and in particular, to a link-stealing prevention method, a link-stealing prevention server, and a client.

Background

With the development of Internet technology, the security of the Internet is becoming more and more important. On the Internet there is a technique called link stealing, sometimes called external linking, which is an illegal way of acquiring web content. It refers to an illegal website using various means to present the page content of other websites as content of the web pages it provides itself, so as to use the web content provided by other websites without authorization and obtain benefits.

Link stealing is used to illegally carry the content of other web pages on one's own web page. If the other web page provides video content or services such as a search function, link stealing directly affects the web page that provides that content, which makes it an important Internet security issue. By using link stealing, illegal websites can not only use the content and services of other web pages, but can also, to a certain extent, carry out attacks such as web page tampering and web page phishing against those other web pages.

In order to prevent web content from being stolen, there are several prevention methods:

Method 1: a management mechanism is set for the users who invoke the web content. An access blacklist is set for the web content; the blacklist records a plurality of IP (Internet Protocol) addresses that are forbidden to access the web page. When the website providing the web content receives a request to access the content, it checks whether the IP address that sent the request is in the blacklist, and if so, prohibits access to the content, thereby preventing link stealing of the web content.

Method 2: judging the reference address. This method determines whether a request is link stealing by checking the value of the Referer field of the HTTP (Hyper Text Transfer Protocol) header at the time of the browser request.

Both of the above methods have defects: the first method is based on authenticating the IP address, and the effect of establishing the blacklist is limited to the link stealers covered by the list; the second method prevents link stealing by judging the reference address, but because the reference address is easily forged, the link-stealing prevention is incomplete.

It can be seen that the existing link-stealing prevention technology suffers from poor reliability and accuracy.

Summary of the invention

The embodiments of the invention provide a link-stealing prevention method, a link-stealing prevention server, and a client, for solving the problem that the reliability and accuracy of link-stealing prevention are poor in the existing technology.

The specific technical solutions provided by the embodiments of the present invention are as follows:

An embodiment of the present invention provides a link-stealing prevention method, including: obtaining, according to a received multimedia information request message, a verification string corresponding to the client that sent the multimedia information request message; generating a verification message according to the verification string; sending the verification message to the client; notifying the client to perform an operation on the verification string included in the verification message to generate first verification information; receiving a verification response message sent by the client, wherein the verification response message includes the first verification information; performing an operation on the verification string and a key corresponding to the client to generate second verification information; and, when the first verification information is different from the second verification information, determining that the client is a link-stealing client and refusing to send the multimedia information requested by the multimedia information request message to the client.

An embodiment of the present invention provides a link-stealing prevention method, including: sending a multimedia information request message to a server; receiving a verification message generated by the server according to the multimedia information request message, where the verification message includes a verification string; performing an operation on the verification string included in the verification message to generate first verification information; generating a verification response message according to the first verification information and sending it to the server; and notifying the server to perform an operation on the verification string and the key corresponding to the local client to generate second verification information, where, when the first verification information is different from the second verification information, sending of the multimedia information returned by the server to the local client is refused.

An embodiment of the present invention provides a link-stealing prevention server, comprising: a verification string obtaining unit, configured to obtain, according to a received multimedia information request message, a verification string corresponding to the client that sent the multimedia information request message; a verification message generating unit, configured to generate a verification message according to the verification string; a sending unit, configured to send the verification message to the client; a notification unit, configured to notify the client to perform an operation on the verification string included in the verification message to generate first verification information; a receiving unit, configured to receive a verification response message sent by the client, wherein the verification response message includes the first verification information; a verification information generating unit, configured to perform an operation on the verification string and the key corresponding to the client to generate second verification information; and a link-stealing processing unit, configured to: when the first verification information is different from the second verification information, determine that the client is a link-stealing client, and refuse to send the multimedia information requested by the multimedia information request message to the client.

An embodiment of the present invention provides a link-stealing prevention client, comprising: a sending unit, configured to send a multimedia information request message to the server; a receiving unit, configured to receive the verification message generated by the server according to the multimedia information request message, wherein the verification message includes a verification string; a verification information generating unit, configured to perform an operation on the verification string included in the verification message to generate first verification information; a verification response message generating unit, configured to generate a verification response message according to the first verification information, the sending unit being further configured to send the verification response message to the server; and a notification unit, configured to notify the server to perform an operation on the verification string and the key corresponding to the client to generate second verification information, where, when the first verification information is different from the second verification information, sending of the multimedia information returned by the server to the client is refused.

In the embodiments of the present invention, when the server receives the multimedia information request message sent by the client, the server sends the verification string corresponding to the client to the client; the client encrypts the verification string to generate the first verification information and sends it to the server; the server performs an operation on the verification string and the key corresponding to the client to generate second verification information; when the first verification information and the second verification information are different, the client is determined to be a link-stealing client, and the server refuses to send multimedia information to it. According to the technical solution of the embodiments of the present invention, the server authenticates the first verification information by using the verification string and the key corresponding to the client, and determines a client that fails the authentication to be a link-stealing client. The determination of the link-stealing client depends on the authentication result and is not limited by the IP address or the reference address, so the scope of application and the reliability of link-stealing prevention are effectively improved.

DRAWINGS

FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of signaling interaction between devices in a communication system according to an embodiment of the present invention;

FIG. 3 is a first flowchart of a link-stealing prevention method in an embodiment of the present invention;

FIG. 4 is a second flowchart of a link-stealing prevention method according to an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of a link-stealing prevention server in an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of a link-stealing prevention client according to an embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention will be clearly and completely described in conjunction with the drawings in the embodiments of the present invention. The described embodiments are some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.

FIG. 1 is a schematic diagram of a communication system architecture in an embodiment of the present invention. The communication system includes a server and a plurality of clients, wherein the server is a device capable of providing multimedia information. Taking a communication system that includes one server and one client as an example, preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.

FIG. 2 is a signaling interaction diagram between a server and a client in the embodiment of the present invention. The client generates a multimedia information request message according to the user indication; the server generates a verification message according to the received multimedia information request message and sends it to the client; the client generates a verification response message according to the verification message; and the server authenticates the client according to the content contained in the verification response message. When the client is a legitimate client, the multimedia information requested by the client is sent to the client. Otherwise, the server refuses to send the multimedia information to the client.

The embodiments of the present invention are further described in detail below with reference to the accompanying drawings.

As shown in FIG. 3, in the embodiment of the present invention, the link-stealing prevention process on the server side includes:

Step 300: Acquire, according to the received multimedia information request message, a verification string corresponding to the client that sends the multimedia information request message.

In the embodiment of the present invention, the server receives the multimedia information request message sent by the client. The multimedia information request message includes multiple message attributes, such as the multimedia information requested by the client, the IP address of the client, and the network port number. The multimedia information request message may be implemented as an HTTP message; the multimedia information may be picture information, video information or audio information.

Optionally, the multiple message attributes that the server acquires from the multimedia information request message include at least the IP address and the network port number of the client, and the server arranges the IP address and the network port number according to a preset rule to generate a verification string. The preset rule may arrange the attributes in a preset order, or in an out-of-order manner.

Further, the server may also acquire the time at which the multimedia information request message was received (denoted as T1) as a message attribute, and may also generate a random number locally (denoted as RN). The server may arrange the foregoing IP address, the network port number and T1 according to a preset rule to generate a verification string. Alternatively, the server arranges the IP address, the network port number and the RN according to a preset rule to generate a verification string.

Preferably, the server arranges the RN, the IP address and the network port number included in the multimedia information request message, and T1 in a preset order to form a verification string (denoted as CH). For example, if the preset order is RN, IP address, network port number, T1, the verification string is (CH=RN+IP address+network port number+T1). Alternatively, the RN, IP address, network port number, and T1 are combined out of order according to a preset method to form the verification string. For example, if the IP address is (ABC), the network port number is P, and the preset method is to insert the network port number after the second character of the IP address and then arrange the RN, the rearranged IP address and network port number, and T1, the verification string is (CH=RN+ABP-C+T1).

In addition to generating the verification string in the above manner, the server may also apply a preset operation to multiple attributes of the multimedia information request message, such as the client's IP address, the network port number, the RN, and T1. For example, the server assigns different weights to the IP address, network port number, RN and T1 of the client, and uses the weighted sum of all parameters as the verification string.

According to the above technical solution, the server generates a different verification string for each client according to the relevant attributes of the client. Even if the same client requests multimedia information from the server at different points in time, the server generates different verification strings. This avoids the poor security that results when the server generates the same verification string for all clients, or a verification string that never changes for the same client, and ensures the reliability of the link-stealing prevention process.

Step 310: Generate a verification message according to the verification string.

In the embodiment of the present invention, the server adds the above verification string to the specified field in the verification message.

Step 320: Send the above verification message to the client.

In the embodiment of the present invention, the server sends the foregoing verification message including the verification string to the client.

Step 330: Notify the client to perform an operation on the verification string included in the verification message to generate first verification information.

In the embodiment of the present invention, after receiving the verification message sent by the server, the client obtains the verification string included in it. In response, the client encrypts the verification string by using a white box encryption function preset locally (denoted as WB), and processes the encrypted verification string by using a preset digital signature algorithm to generate first verification information (denoted as DG). The white box encryption function is an encryption function generated according to a preset encryption algorithm and a key, and the preset encryption algorithm may be set according to the specific application scenario; once the client has generated the white box encryption function, the key is deleted.

Optionally, the first verification information obtained by the client satisfies the following formula:

DG = SHA-1(WB(CH))    (Formula 1)

where DG represents the first verification information; SHA-1 (Secure Hash Algorithm) represents the preset digital signature algorithm, which is used to shorten the encrypted verification string so that the encrypted string length is less than 20 bytes and the encrypted verification string occupies less bandwidth during transmission; WB is the white box encryption function; and CH is the verification string.

According to the above technical solution, the client generates a white box encryption function locally according to the preset encryption function and the key, and the verification string is processed by the white box encryption function. The client does not hold the key locally, so a link stealer cannot obtain the key through either static tracing or dynamic tracing. Even if the link stealer knows the preset encryption algorithm, a brute-force method is needed to obtain the key in order to steal the link, which greatly increases the time and cost of link stealing and improves the reliability of link-stealing prevention.

Step 340: Receive a verification response message sent by the client, where the verification response message includes the foregoing first verification information.

In the embodiment of the present invention, when the server receives the verification response message sent by the client, the server obtains the first verification information included in the verification response message.

Optionally, after the server sends the verification message to the client, it deletes the verification string corresponding to the client; correspondingly, the verification response message sent by the client to the server may further include the verification string. With this technical solution, the server clears the verification string from local storage, which reduces the server storage space occupied by verification strings.

Step 350: Perform an operation on the verification string and the key corresponding to the client to generate second verification information.

In the embodiment of the present invention, the server locally stores a peer function (denoted as ENC). The peer function is a general function that corresponds to the white box encryption function. The server locally holds a key corresponding to each client, or a key corresponding to each client type, and may obtain the key corresponding to the client according to the client identifier or the client type. The server uses the peer function to perform an operation on the verification string and the key corresponding to the client, and encrypts the result of the operation by using a preset encryption algorithm to generate second verification information (denoted as DGS).

Further, before performing the operation on the verification string and the key corresponding to the client, the server also needs to verify whether the IP address and the network port number are correct. The IP address and the network port number are correct when the IP address contained in the verification string is the same as the IP address of the current TCP (Transmission Control Protocol) connection detected by the server, and the network port number contained in the verification string is the same as the network port number of the current TCP connection detected by the server.

Further, when the verification string is generated according to T1, before performing the operation on the verification string and the key corresponding to the client, the server needs to obtain T1 and the time of receiving the second verification information (i.e., T2), and calculate the duration between T1 and T2 (i.e., T2-T1); the server proceeds when it determines that (T2-T1) has not reached the preset duration and that the above IP address and network port number are correct.

Further, when the server determines that (T2-T1) has reached the preset duration, or that the above IP address or network port number is incorrect, the client is prompted to resend the verification response message.

Optionally, the second verification information generated by the server satisfies the following formula:

DGS = SHA-1(ENC(CH, KEY))    (Formula 2)

where DGS represents the second verification information; SHA-1 represents the preset digital signature algorithm; ENC is the peer function, and optionally ENC may be AES (Advanced Encryption Standard); CH is the verification string; and KEY is the key corresponding to the client.

Step 360: When the first verification information is different from the second verification information, determine that the client is a link-stealing client, and refuse to send the multimedia information requested by the multimedia information request message to the client.

In the embodiment of the present invention, the server compares the first verification information with the second verification information, and determines, according to the comparison result, whether the client is a link-stealing client.

Optionally, when the server determines that the first verification information is the same as the second verification information, it determines that the client is not a link-stealing client and sends the multimedia information requested by the multimedia information request message to the client, where the multimedia information can be carried in HTTP messages. When the server determines that the first verification information is different from the second verification information, it determines that the client is a link-stealing client and refuses to send the multimedia information requested by the multimedia information request message to the client.

Further, when the server determines that the client is a link-stealing client, the identifier of the client is added to a locally saved blacklist. When a multimedia information request message sent by that client is received again and the client identifier matches an identifier in the blacklist, the server directly refuses to deliver multimedia information to the client.

With the above technical solution, the server uses authentication to verify whether the client is a link-stealing client, and authentication through the encryption function is more reliable and accurate than the IP address verification method.

Referring to FIG. 4, in the embodiment of the present invention, the process on the client side for preventing link stealing by illegal clients includes:
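The server-side flow of Steps 300 to 360, as an added sketch that is not taken from the patent. Assumptions: HMAC-SHA256 stands in for both WB and ENC (the text suggests AES for ENC, and a real white box implementation would hide the key inside lookup tables, which a closure does not), and the `|` separator, the 30-second window, all function names and the constant-time comparison are choices made for this example.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE_SECONDS = 30   # assumed value for the "preset duration"
SEP = "|"              # assumed delimiter for the preset order RN, IP, port, T1


def build_challenge(ip, port, now=None):
    """Step 300: CH = RN + IP address + network port number + T1."""
    rn = secrets.token_hex(8)                      # server-side random number RN
    t1 = int(time.time() if now is None else now)  # time the request was received
    return SEP.join([rn, ip, str(port), str(t1)])


def enc(ch, key):
    """Stand-in for ENC(CH, KEY). HMAC-SHA256 replaces AES here (assumption)."""
    return hmac.new(key, ch.encode(), hashlib.sha256).digest()


def make_white_box(key):
    """Stand-in for WB: a function with the key baked in.

    This only models the interface (CH in, ciphertext out); it gives none of
    the key-hiding properties of a real white box implementation.
    """
    def wb(ch):
        return enc(ch, key)
    return wb


def client_response(wb, ch):
    """Step 330 / Formula 1: DG = SHA-1(WB(CH))."""
    return hashlib.sha1(wb(ch)).hexdigest()


def verify(ch, dg, key, peer_ip, peer_port, now=None):
    """Steps 340-360. Returns (accepted, reason).

    'address-mismatch' and 'expired' correspond to the cases where the text
    has the server prompt the client to resend; 'digest-mismatch' is the
    link-stealing verdict of Step 360.
    """
    parts = ch.split(SEP)
    if len(parts) != 4 or not parts[3].isdigit():
        return False, "malformed"
    _rn, ip, port, t1 = parts

    # CH may have been echoed back by the client, so bind it to the live
    # TCP connection before doing any key operation.
    if ip != peer_ip or port != str(peer_port):
        return False, "address-mismatch"

    t2 = time.time() if now is None else now
    age = t2 - int(t1)
    if not 0 <= age < MAX_AGE_SECONDS:
        return False, "expired"

    # Formula 2: DGS = SHA-1(ENC(CH, KEY)), compared in constant time.
    dgs = hashlib.sha1(enc(ch, key)).hexdigest()
    if not hmac.compare_digest(dg.encode(), dgs.encode()):
        return False, "digest-mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values: documentation IP range, made-up port and key.
    key = secrets.token_bytes(16)
    ch = build_challenge("203.0.113.7", 51544)
    dg = client_response(make_white_box(key), ch)
    print(verify(ch, dg, key, "203.0.113.7", 51544))
    print(verify(ch, dg, key, "198.51.100.9", 51544))
```

Because the server in the optional variant deletes CH and trusts the copy echoed by the client, the address and freshness checks are what limit reuse of a captured (CH, DG) pair to the same connection endpoint within the preset duration.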

Step 400: Send a multimedia information request message to the server.

In the embodiment of the present invention, when the client receives the user indication and determines the multimedia information to be acquired, the client sends a multimedia information request message to the server according to that multimedia information. The multimedia information request message includes the multimedia information requested by the client, the IP address of the client, and the network port number. The multimedia information request message may be implemented as an HTTP message; the multimedia information may be picture information, video information, or audio information.

In the embodiment of the present invention, after the client sends the multimedia information request message to the server, the server generates a verification string according to the information contained in the multimedia information request message, adds the verification string to the verification message, and sends it to the client.

Step 410: Receive a verification message generated by the server according to the multimedia information request message, where the verification message includes a verification string.

In the embodiment of the present invention, the client receives the verification message sent by the server, and obtains the verification string included in the verification message.

Step 420: Perform an operation on the verification string included in the verification message to generate first verification information.

In the embodiment of the present invention, the client uses a preset white box encryption function to encrypt the verification string included in the verification message, and processes the encrypted verification string by using a preset digital signature algorithm to generate the first verification information. The white box encryption function is an encryption function generated according to a preset encryption algorithm and a key, and the preset encryption algorithm may be set according to the specific application scenario; once the client has generated the white box encryption function, the key is deleted. Optionally, the first verification information obtained by the client satisfies Formula 1.

According to the above technical solution, the client generates a white box encryption function locally according to the preset encryption function and the key, and the verification string is processed by the white box encryption function. The client does not hold the key locally, so a link stealer cannot obtain the key through either static tracing or dynamic tracing. Even if the link stealer knows the preset encryption algorithm, a brute-force method is needed to obtain the key in order to steal the link, which greatly increases the time and cost of link stealing and improves the reliability of link-stealing prevention.

Step 430: Send a verification response message to the server according to the first verification information.

Step 440: The notification server performs operation on the verification string and the key corresponding to the client, generates second verification information, and refuses to send the multimedia information returned by the server to the first verification information when the first verification information is different from the second verification information. Client.

In the embodiment of the present invention, the server locally saves the peer function, and the peer function corresponds to the white box encryption function, and uses the peer function to perform the operation on the verification string; and uses the preset encryption algorithm to perform the above operation. The verification string is encrypted to generate second verification information. When the server determines that the first verification information is the same as the second verification information, it is determined that the client is a non-hacking client, and the multimedia information requested by the multimedia information request message is sent to the client. End, wherein the multimedia information can be carried by an HTTP message. When the server determines that the first verification information is different from the second verification information, it is determined that the client is a hacking client, and the multimedia information requested by the multimedia information request message is refused to be sent to the client.

Further, in order to ensure the reliability of the anti-theft chain, the key needs to be changed periodically. When the client determines that the key has changed, it generates the latest white-box encryption function according to the changed key and the preset algorithm; replaces the locally saved white-box encryption function with the latest white-box encryption function. The peer function remains the same as the key change in the client. In the specific implementation, after the server verifies the current client, the server sends the key command to the client, and sends the changed key to the client, and the client generates the latest white-box encryption function by itself; or The server locally generates the latest white-box encryption function based on the changed key and preset algorithm, and sends it to the corresponding client.

Based on the foregoing technical solution, as shown in FIG. 5, an embodiment of the present invention further provides a link-stealing prevention server, including a verification string obtaining unit 50, a verification message generating unit 51, a sending unit 52, a notification unit 53, a receiving unit 54, a verification information generating unit 55, and a link-stealing processing unit 56, wherein:

The verification string obtaining unit 50 is configured to obtain, according to the received multimedia information request message, a verification string corresponding to the client that sent the multimedia information request message;

The verification message generating unit 51 is configured to generate a verification message according to the verification string;

a sending unit 52, configured to send the verification message to the client;

The notification unit 53 is configured to notify the client to perform an operation on the verification string included in the verification message to generate first verification information.

The receiving unit 54 is configured to receive the verification response message sent by the client, where the verification response message includes the first verification information;

The verification information generating unit 55 is configured to perform an operation on the verification string to generate second verification information.

The link-stealing processing unit 56 is configured to: when the first verification information is different from the second verification information, determine that the client is a link-stealing client, and refuse to send the multimedia information requested by the multimedia information request message to the client.

Optionally, the verification string obtaining unit 50 is configured to: acquire a plurality of message attributes included in the multimedia information request message, and arrange the acquired message attributes according to a preset rule to form a verification string. The plurality of message attributes include at least an IP address of the client and a network port number.

Optionally, the message attributes further include the time at which the multimedia information request message is received. In that case, the verification string obtaining unit 50 is further configured to: acquire the message attributes included in the multimedia information request message, such as the Internet Protocol (IP) address of the client, the network port number, and the time of receiving the multimedia information request message; generate a random number locally; and arrange the random number, the IP address, the network port number, and the time of receiving the multimedia information request message according to a preset rule to form a verification string.

Further, the processing unit 57 is further configured to: determine that the IP address and the network port number are correct before performing the operation on the verification string.

Based on the foregoing technical solution, as shown in FIG. 6, an embodiment of the present invention further provides a link-stealing prevention client, including a sending unit 60, a receiving unit 61, a verification information generating unit 62, a verification response message generating unit 63, and a notification unit 64, wherein:

The sending unit 60 is configured to send a multimedia information request message to the server;

The receiving unit 61 is configured to receive the verification message that is generated by the server according to the multimedia information request message, where the verification message includes a verification string;

The verification information generating unit 62 is configured to perform an operation on the verification string included in the verification message to generate first verification information;

The verification response message generating unit 63 is configured to generate a verification response message according to the first verification information;

The sending unit 60 is further configured to send the verification response message to the server;

The notification unit 64 is configured to notify the server to perform an operation on the verification string and the key corresponding to the client to generate second verification information, so that when the first verification information is different from the second verification information, the server refuses to send the multimedia information to the client.

The verification information generating unit 62 is specifically configured to: perform an operation on the verification string included in the verification message by using a preset white-box encryption function; and encrypt the computed verification string by using a preset encryption algorithm to generate the first verification information;

The notification unit 64 is configured to: notify the server to use a peer function corresponding to the white-box encryption function to perform an operation on the verification string and the key corresponding to the client and generate second verification information.

The client further includes an updating unit 65, configured to: when determining that the key has changed, generate the latest white-box encryption function according to the changed key and the preset algorithm; and replace the locally saved white-box encryption function with the latest white-box encryption function.

In summary, the client sends a multimedia information request message to the server; the server obtains the verification string corresponding to the client according to the multimedia information request message sent by the client; the server generates a verification message according to the verification string; the client uses a preset white-box encryption function to encrypt the verification string included in the verification message to generate first verification information; and the server uses a peer function corresponding to the white-box encryption function to perform an operation on the verification string and the key corresponding to the client to generate second verification information. When the first verification information is different from the second verification information, the server determines that the client is a link-stealing client and refuses to send the multimedia information requested by the multimedia information request message to the client. According to the technical solution of the embodiment of the present invention, the white-box encryption function and the peer function are saved locally on the client and the server respectively, the two are corresponding functions, and the white-box encryption function encrypts the verification string to generate the first verification information. A link stealer needs to obtain both the encryption algorithm and the key in order to steal links to the multimedia information, but the embodiment of the present invention does not involve the key anywhere in the authentication process, so the link stealer cannot obtain the key; the white-box encryption algorithm can therefore prevent link stealing more reliably. In addition, the first verification information is authenticated using the peer function, and a client whose authentication fails is determined to be a link-stealing client. The determination of a link-stealing client depends on the authentication result and is not limited by the IP address or the referring address. On the basis of further ensuring the reliability of link-stealing prevention, the scope of application and the reliability of link-stealing prevention are effectively improved.
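The exchange summarized above, as an added Python example that is not code from the patent or its applicant. HMAC-SHA256 stands in for both the white-box encryption function and the server's peer function (a real white-box implementation embeds the key in lookup tables rather than holding it in a closure); the `|`-joined field order, the `client_id` lookup, the single-use pending table and the 30-second validity window are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SEP = "|"  # assumed "preset rule": fields joined in fixed order ("|" never occurs in an IP)


def make_white_box(key: bytes):
    """Client-side function with the key baked in (HMAC stand-in, an assumption)."""
    def white_box(verification_string: str) -> str:
        return hmac.new(key, verification_string.encode(), hashlib.sha256).hexdigest()
    return white_box


class Server:
    MAX_AGE = 30  # seconds a verification string stays valid (assumed value)

    def __init__(self):
        self.keys = {}     # client_id -> key used by the peer function
        self.pending = {}  # client_id -> verification string awaiting a response

    def provision(self, client_id: str):
        """Create or change the client's key; return the function sent to the client."""
        self.keys[client_id] = secrets.token_bytes(32)
        self.pending.pop(client_id, None)  # outstanding challenges die with the old key
        return make_white_box(self.keys[client_id])

    def challenge(self, client_id: str, ip: str, port: int, now: int) -> str:
        """Build the verification string: random number, IP, port, receive time."""
        vs = SEP.join([secrets.token_hex(16), ip, str(port), str(now)])
        self.pending[client_id] = vs
        return vs

    def verify(self, client_id: str, ip: str, port: int, first_info: str, now: int) -> bool:
        """Return True only if the multimedia information may be sent."""
        vs = self.pending.pop(client_id, None)  # single use: a replayed response fails
        if vs is None or client_id not in self.keys:
            return False
        _, c_ip, c_port, c_time = vs.split(SEP)
        # IP address and port are checked before the keyed operation is performed.
        if (c_ip, c_port) != (ip, str(port)) or now - int(c_time) > self.MAX_AGE:
            return False
        second_info = hmac.new(self.keys[client_id], vs.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(first_info.encode(), second_info.encode())


def demo() -> dict:
    """Run the exchange on constructed sample values and collect the decisions."""
    srv, cid, ip, port = Server(), "player-1", "2001:db8::10", 50412
    wb = srv.provision(cid)
    results = {}

    vs = srv.challenge(cid, ip, port, now=1000)
    answer = wb(vs)
    results["legitimate"] = srv.verify(cid, ip, port, answer, now=1001)
    results["replayed"] = srv.verify(cid, ip, port, answer, now=1002)

    vs = srv.challenge(cid, ip, port, now=2000)
    results["relayed_from_other_ip"] = srv.verify(cid, "198.51.100.7", port, wb(vs), now=2001)

    vs = srv.challenge(cid, ip, port, now=3000)
    results["stale"] = srv.verify(cid, ip, port, wb(vs), now=3000 + Server.MAX_AGE + 1)

    vs = srv.challenge(cid, ip, port, now=4000)
    guess = make_white_box(b"not-the-real-key")(vs)
    results["no_key"] = srv.verify(cid, ip, port, guess, now=4001)

    new_wb = srv.provision(cid)  # key change: the old client function stops working
    vs = srv.challenge(cid, ip, port, now=5000)
    results["old_function_after_rotation"] = srv.verify(cid, ip, port, wb(vs), now=5001)
    vs = srv.challenge(cid, ip, port, now=5002)
    results["new_function_after_rotation"] = srv.verify(cid, ip, port, new_wb(vs), now=5003)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:30s} -> {'send media' if ok else 'refuse'}")
```
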

The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement the embodiments without creative effort.

Through the description of the above embodiments, those skilled in the art can clearly understand that the various embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solutions may in essence be embodied in the form of a software product, which may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk, or an optical disc, and which includes instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform the methods described in the various embodiments or in portions of the embodiments.

It should be noted that the above embodiments are only used to explain the technical solutions of the embodiments of the present invention and do not limit them. Although the embodiments of the present invention are described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or substitutions do not cause the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (12)

  1. A link-stealing prevention method, characterized in that it comprises:
    Obtaining, according to the received multimedia information request message, a verification string corresponding to the client that sends the multimedia information request message;
    Generating a verification message according to the verification string; and
    Sending the verification message to the client;
    Notifying the client to perform an operation on the verification string included in the verification message to generate first verification information;
    Receiving the verification response message sent by the client, where the verification response message includes the first verification information;
    Performing an operation on the verification string and the key corresponding to the client to generate second verification information;
    When the first verification information is different from the second verification information, determining that the client is a link-stealing client, and refusing to send the multimedia information requested by the multimedia information request message to the client.
  2. The method according to claim 1, wherein the obtaining the verification character string corresponding to the client that sends the multimedia information request message according to the received multimedia information request message comprises:
    Obtaining a plurality of message attributes included in the multimedia information request message, where the multiple message attributes include at least: an internet protocol IP address of the client, and a network port number;
    The obtained plurality of message attributes are arranged according to a preset rule to form a verification string.
  3. The method according to claim 2, wherein before the operation of the verification string and the key corresponding to the client, the method further comprises:
    Determining that the IP address and the network port number are correct.
  4. A link-stealing prevention method, characterized in that it comprises:
    Sending a multimedia information request message to the server;
    Receiving, by the server, a verification message generated according to the multimedia information request message, where the verification message includes a verification string;
    Performing an operation on the verification string included in the verification message to generate first verification information;
    Generating a verification response message according to the first verification information and sending it to the server;
    Notifying the server to perform an operation on the verification string and the locally corresponding key to generate second verification information, so that when the first verification information is different from the second verification information, sending of the multimedia information returned by the server to the local end is refused.
  5. The method according to claim 4, wherein the operation of the verification string included in the verification message to generate the first verification information comprises:
    Performing an operation on the verification string included in the verification message by using a preset white box encryption function;
    Encrypting the computed verification string by using a preset encryption algorithm to generate the first verification information;
    The server is notified to perform the operation on the verification string and the local corresponding key, and specifically includes:
    The server is notified to use a peer function corresponding to the white box encryption function, and the verification string and the key corresponding to the client are operated to generate second verification information.
  6. The method of claim 5, wherein the method further comprises:
    When it is determined that the key is changed, the latest white-box encryption function is generated according to the changed key and the preset algorithm;
    Replace the locally saved white box encryption function with the latest white box encryption function.
  7. A link-stealing prevention server, characterized in that it comprises:
    a verification string obtaining unit, configured to acquire, according to the received multimedia information request message, a verification character string corresponding to the client that sends the multimedia information request message;
    a verification message generating unit, configured to generate a verification message according to the verification string;
    a sending unit, configured to send the verification message to the client;
    a notification unit, configured to notify the client to perform an operation on the verification string included in the verification message, to generate first verification information;
    a receiving unit, configured to receive the verification response message sent by the client, where the verification response message includes the first verification information;
    a verification information generating unit, configured to calculate the verification string and the key corresponding to the client, to generate second verification information;
    a link-stealing processing unit, configured to: when the first verification information is different from the second verification information, determine that the client is a link-stealing client, and refuse to send the multimedia information requested by the multimedia information request message to the client.
  8. The server according to claim 7, wherein the verification string obtaining unit is specifically configured to:
    Obtaining a plurality of message attributes included in the multimedia information request message, where the plurality of message attributes include at least: an Internet Protocol (IP) address of the client and a network port number; and arranging the obtained plurality of message attributes according to a preset rule to form a verification string.
  9. The server according to claim 8, further comprising a processing unit, configured to:
    Before performing the operation on the verification string, it is determined that the IP address and the network port number are correct.
  10. A link-stealing prevention client, characterized in that it comprises:
    a sending unit, configured to send a multimedia information request message to the server;
    a receiving unit, configured to receive a verification message generated by the server according to the multimedia information request message, where the verification message includes a verification string;
    a verification information generating unit, configured to perform an operation on the verification string included in the verification message to generate first verification information;
    a verification response message generating unit, configured to generate a verification response message according to the first verification information;
    The sending unit is further configured to send the verification response message to the server;
    a notification unit, configured to notify the server to perform an operation on the verification string and the key corresponding to the client to generate second verification information, so that when the first verification information is different from the second verification information, sending of the multimedia information returned by the server to the client is refused.
  11. The client according to claim 10, wherein the verification information generating unit is configured to: perform an operation on the verification string included in the verification message by using a preset white-box encryption function; and encrypt the computed verification string by using a preset encryption algorithm to generate the first verification information;
    The notification unit is configured to: notify the server to use a peer function corresponding to the white-box encryption function to perform an operation on the verification string and the key corresponding to the client and generate second verification information.
  12. The client according to claim 11, further comprising an updating unit, configured to:
    When it is determined that the key has changed, generate the latest white-box encryption function based on the changed key and the preset algorithm; and replace the locally saved white-box encryption function with the latest white-box encryption function.
PCT/CN2016/075229 2015-05-15 2016-03-01 Link-stealing prevention method, link-stealing prevention server, and client side WO2016184216A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510251430.5 2015-05-15
CN201510251430.5A CN105721411A (en) 2015-05-15 2015-05-15 Method for preventing hotlinking, server and client terminal for preventing hotlinking

Publications (1)

Publication Number Publication Date
WO2016184216A1 true WO2016184216A1 (en) 2016-11-24

Family

ID=56144723

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/075229 WO2016184216A1 (en) 2015-05-15 2016-03-01 Link-stealing prevention method, link-stealing prevention server, and client side

Country Status (2)

Country Link
CN (1) CN105721411A (en)
WO (1) WO2016184216A1 (en)

Also Published As

Publication number Publication date
CN105721411A (en) 2016-06-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16795703

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 01/03/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16795703

Country of ref document: EP

Kind code of ref document: A1